A new vulnerability has been found in macOS Ventura. The leak is now being made public after Apple failed to fix it in ten months.
Vulnerability in macOS Ventura
Jeff Johnson is a developer who has found all kinds of security holes in various online services and software over the years. His most recent revelation is a vulnerability in macOS Ventura. He makes the leak public because Apple has not been able to solve the problem after ten months.
Johnson wrote in October a blog about macOS Ventura’s App Management feature, in which he discovered the vulnerability. He sent his finding to Apple Product Security. There they discovered the problem on October 19, but apparently nothing was done about it. Exactly nine months later, on August 19, Johnson made the leak public.
The danger of the macOS Ventura vulnerability
In general, vulnerabilities are disclosed within a certain period of time after the developer has been notified. This is often 60 to 120 days later, so that there is sufficient time to find a solution. But the only reason Johnson has made the leak public is because he no longer has faith that Apple will come up with a solution.
In his October blog post, Johnson said there are at least six different ways an app can gain administrative privileges, but he kept the sixth method a secret. The vulnerability is in the sixth method. According to the developer, it is about the sandbox of an app. Johnson accidentally discovered that a sandbox app could modify files that he shouldn’t.
To demonstrate the issue, Johnson released an example with the source code of two apps and a sandboxed app in a non-sandboxed version. The sandboxed help app is a document that can overwrite the contents of a file. Johnson says the override in macOS 13.5.1 completely bypasses App Management.
Johnson also created an example of a vulnerability in macOS Mojave in June 2020 that bypassed file privacy and security protections. At the time, he described Apple’s security as “security theater.”
Do you always want to stay informed about the latest news about Apple? Sign up for our daily/weekly newsletter. In addition, download the free iphoned app and keep an eye on our website. Then you’ll never miss an Apple news again!
-
Major Vulnerability Found in macOS Ventura!
-
Filming upside down with your iPhone is sometimes really better (here’s why)
-
Alternative to the AirTag for sale at the Action (but is it what?)
-
Will you no longer be able to block people on X / Twitter?
-
This is how you absolutely should not charge your iPhone (iPhone news #33)